Logstash installation and basic usage
------------------------------------------------
1: Install the JDK:
[root@elk03tools]# rpm -ivh jdk-8u221-linux-x64.rpm
warning: jdk-8u221-linux-x64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:jdk1.8-2000:1.8.0_221-fcs ################################# [100%]
Unpacking JAR files...
2: Install Logstash:
[root@elk03tools]# wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/7.x/yum/7.1.1/logstash-7.1.1.rpm
[root@elk03tools]# yum localinstall -y logstash-7.1.1.rpm
Set ownership of the Logstash directory:
[root@elk03tools]# chown -R logstash.logstash /usr/share/logstash/
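The NOKEY warning in step 1 means rpm could not check the package signature because the signing key is not in its keyring. The following is an added example (not part of the original walkthrough) that installs a downloaded RPM only after `rpm -K` reports a verified signature; the function names are hypothetical and the sample output lines in the comments are constructed.

```bash
# Added example: install an RPM only if `rpm -K` reports a verified signature.
# Import the vendor's signing key first, for example (Elastic's published key):
#   rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Classify one line of `rpm -K` output. Returns 0 only when a signature
# was present AND verified. Constructed sample lines:
#   pkg.rpm: rsa sha1 (md5) pgp md5 OK                            -> 0 (rpm 4.11 style)
#   pkg.rpm: digests signatures OK                                -> 0 (rpm 4.14+ style)
#   pkg.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: ...)  -> 1
#   pkg.rpm: sha1 md5 OK   /   pkg.rpm: digests OK                -> 1 (unsigned)
rpm_sig_ok() {
    local result
    result="${1#*: }"                 # drop the "file.rpm: " prefix
    case "$result" in
        *"NOT OK"*) return 1 ;;       # bad digest, bad signature or missing key
    esac
    case "$result" in
        *" OK") ;;                    # anything else is an error message
        *) return 1 ;;
    esac
    # Digest-only results mean the package carries no signature at all,
    # and rpm -K can still succeed for them, so its exit code is not enough.
    case "$result" in
        *pgp*|*gpg*|*rsa*|*dsa*|*signatures*) return 0 ;;
    esac
    return 1
}

# Hypothetical wrapper around the install command used in step 2.
verified_install() {
    local pkg out
    pkg="$1"
    out="$(rpm -K "$pkg" 2>&1)" || true
    if rpm_sig_ok "$out"; then
        yum localinstall -y "$pkg"
    else
        echo "refusing to install $pkg: $out" >&2
        return 1
    fi
}
```

Usage: `verified_install logstash-7.1.1.rpm` in place of the plain `yum localinstall` call.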
3: Test Logstash with standard input and standard output:
[root@elk03tools]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{ codec => rubydebug }}'
.......
The stdin plugin is now waiting for input:
(Startup is very slow, so be patient; the "waiting for input" line above means Logstash has started successfully.)
Input: ggj, returned:
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"message" => "ggj",
"@timestamp" => 2019-09-06T14:40:22.382Z,
"host" => "elk126",
"@version" => "1"
}
4: Test Logstash from standard input to a file:
[root@elk03tools]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { file { path => "/tmp/test_%{+YYYY.MM.dd}.log"}}'
.......
Input:
sadsd
[INFO ] 2019-09-06 22:49:51.269 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>125, :thread=>"#<Thread:0x12965992 run>"}
[INFO ] 2019-09-06 22:49:51.835 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[INFO ] 2019-09-06 22:49:52.430 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2019-09-06 22:49:56.909 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2019-09-06 22:49:59.934 [[main]>worker0] file - Opening file {:path=>"/tmp/test_2019.09.06.log"}
j[INFO ] 2019-09-06 22:50:13.769 [[main]>worker0] file - Closing file /tmp/test_2019.09.06.log
Check that the file contains what was just entered:
[root@elk03tmp]# cat test_2019.09.06.log
{"@timestamp":"2019-09-06T14:49:52.212Z","host":"elk126","@version":"1","message":"sadsd"}
[root@elk03tmp]#
5: Test Logstash from standard input into ES (Elasticsearch):
[root@elk03tools]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { elasticsearch { hosts =>["192.168.6.124:9200"] index => "xujin_%{+YYYY.MM.dd}" }}'
.............
The stdin plugin is now waiting for input:
[INFO ] 2019-09-06 22:55:30.818 [Ruby-0-Thread-5: :1] elasticsearch - Installing elasticsearch template to _template/logstash
[INFO ] 2019-09-06 22:55:31.463 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2019-09-06 22:55:34.903 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
test xujin - to EL (the input content)